Why Ledger uses 24 Words Mnemonic?

[dgoon]

Does anyone know why all ledger wallets use 24 words instead of just 12 like the new trezor? I know that the older trezors used 24 words since recovery sometimes involved typing your seed into a computer. This isn't the case for new ledgers; all recovery is done on device. I'm making a video and just wanted to see if ya'll had any ideas. Is it just to make coding everything easier since all their wallets use 24 words?

[o_e_l_e_o]

There is no inherent reason that they must use 24 words rather than 12.

The BIP39 standard (https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki) allows 12, 15, 18, 21, or 24 words, although 12 and 24 are by far the most commonly used. 12 words encodes for 128 bits of entropy, while 24 words encodes for 256 bits. Although bitcoin private keys are also 256 bits of entropy, the secp256k1 curve that bitcoin uses provides 128 bits of security, so a 12 word phrase is more than enough and you don't really gain anything at a protocol level by using 24 words.

What you do gain by using 24 words is if part of your seed phrase is compromised (for example, if you split your seed phrase in to multiple different parts for back up), then what remains is more likely to remain secure against brute force attacks.

[Charles-Tim]

Does anyone know why all ledger wallets use 24 words instead of just 12 like the new trezor?

Only ledger company can tell us the reason why they use 24 words seed phrase rather than 12, 15, 18 or 21 seed phrase. If the reason by ledger company is because of additional security, they are wrong because if 12 word seed phrase is not compromised, or part of the words not compromised, it can not be brute-forced. And like o_e_l_e_o commented, if certain words from the 24 word seed phrase is known, there are chances for hackers to brute-force it and know the complete words. 12 words seed phrase is enough to protect your private key and your bitcoin stored on blockchain so far it is not known to attackers.

[dgoon]

Thanks for the info guys. I just wanted to make sure I wasn't missing anything.

[hugeblack]

The additional point you can get indirectly from Andreas Antonpoulos' quote is that knowing 6 of 12 words does not mean that the risk has doubled, but rather significantly.
It will be trickier in 24 words.

Correction: At 6 minutes into the video Andreas mentions that brute-forcing 80 bits of entropy is 2^196 times easier than brute-forcing 256 bits of entropy. It is actually 2^176 times easier.

Source and more ---> https://www.youtube.com/watch?v=p5nSibpfHYE


So using 24 or 12 is safe as long as no one knows a word from it, but once hacker/scammer know a few words, 24 is safer than 12.